Security bug in Edge password manager

Question

So in Edge password manager, you took care of this problem by showing a fixed number of stars to prevent unauthorized users from seeing the exact number of characters in each password.

but the problem is, you can still see the total number of password characters when you go to each website.

notice the upper password has 3 characters more and I checked and confirm that the number of stars correctly represent the number of characters in the unmasked password.

and since an attacker can see the websites names in plain text in Edge password manager:

edge://settings/passwords

all they have to do is to go to that website, click on the username/password field to view the exact number of password characters.

using Edge dev Version 87.0.664.8 (Official build) dev (64-bit)

(also sent using feedback button on Edge)

kam · Answer

HotCakeX&nbsp; Yeah, what can we do?!

hotcakex · Answer

Kam&nbsp;I don't see the need to add others, again if i wanted to do that i'd do it myself.I dont care who drew is or whatever.jesus.

kam · Answer

‌‌ HotCakeX&nbsp;&nbsp;&nbsp; I already told you sorry. If you want I'll edit my post.

hotcakex · Answer

Kam&nbsp;I don't care dude. it's not worth my time arguing.&nbsp;I just hate when someone trashes my post that actually has valuable content.

kam · Answer

Yeah I don't care either. Let's just stop arguing.

Forum Discussion

Security bug in Edge password manager

Share

Resources